Head of IT Security - Leeds - £50,000-60,000 + Car + Bonus
Harvey Nash are working with a large UK organisation that is looking for a Head of IT Security to join the team reporting into the CIO. This role would suit either an established Head of IT Security or a strong IT Security Manager looking to step up into a Head of position.
An experienced and technical Head of IT Security is required to join a large UK organisation. As the Head of IT Security, you will need to put controls in place to mitigate any risks from cyber-attacks and Information leakage and would focus on key areas within the business to provide this service inside the established information and IT Security governance framework and structure.
The role will be split 30% application security, 40% infrastructure security and 30% Security Strategy and reporting. The successful candidate will need to hold the technical side of the role and advise of cloud security in general and how to secure the Microsoft Azure platform.
Key Role Requirements
* The maintenance of the IT Security elements of the established group wide Information Security Management System (ISMS) and implement proactive change to comply with standards such as ISO27001/2 and SANS 20 Critical Controls.
* Drive progressive IT Security change and maturity improvement across the UK group.
* Identify IT Security gaps and weaknesses and develop strategies to close them.
* Work with the group compliance function, Business Assurance, on the management and reduction of IT Security Risk across the group.
* Promote the need for continuous security improvement across the group in line with the established ISMS and IT Architecture principles.
* Be the single point of contact for IT Security at the group level for all staff, middle and senior leaders. This includes Application, Infrastructure and Cloud technologies, layers and platforms.
* Become the groupwide IT Security representative and advisor at key committees and groups such as the Information Governance Board, Technical Security Group, IT Architecture Board, Change Management Groups and Project Management Board.
* Management of the group application security and vulnerability management process and system.
* Provide advice and consultancy in relation to infrastructure and application development, Cloud architecture and Azure Cloud from the IT Security standpoint.
* Manage the IT Security Incident Management process ensuring it maps to the Corporate Incident Management system.
* Previous experience in developing, managing and maintaining IT/Cyber Security strategies and management systems.
* Previous experience delivering complex security projects within a similar organisation is essential.
* IT Disaster Recovery and Business Continuity planning experience is essential.
* Strong stakeholder management experience and capability to converse at all levels up to executive.
* Ability to translate complex technical security concepts and threats into business language and show potential and actual impact.
* Ability to influence and manage challenging situations through to successful resolution.
* Ability to apply a pragmatic, analytic and consultative approach to find the right solution for the business.
* Focus on understanding the needs and experience of end users and delivering business value.
* Able to demonstrate pro-active approach to drive forward the cyber security improvement programme within a company.
* Passion for information Security and making a difference long term in a highly dynamic environment.
Qualifications & Experience
* Ideally be educated to degree level in IT / IT security related subject.
* Experience/knowledge of CISSP, ITIL, CISM, CISA, CEH, GAIC and/or ISO 27001 preferred with supporting qualifications desired but not essential.
* Working knowledge of IT Architecture frameworks and processes such as TOGAF. Qualification desired but not essential.
*Knowledge of the Data Protection Act (DPA) and GDPR is highly desirable.
* Capable of travelling.
Contact: James Walsh
Tel: 0121 717 1946
Ref number: 323789/002
Job reference information
|| (Please reference Dice when calling)